| Vulnerability Name: | CCN-10674 | ||||||
| Published: | 2002-11-18 | ||||||
| Updated: | 2002-11-18 | ||||||
| Summary: | Microsoft Internet Explorer could allow remote attacker to execute script in a victim's Local Computer zone by using the dialogArguments object in an IFRAME to bypass security zone restrictions. A remote attacker could exploit this vulnerability by creating a malicious Web page that uses the showModalDialog or showModelessDialog function to open an IFRAME containing a dialogArguments object that references either the privacypolicy.dlg local resource file in Internet Explorer 6.0 or the analyze.dlg local resource file in Internet Explorer 5.5. An attacker could use this vulnerability to execute script within a victim's local security zone, which could allow the attacker to steal cookies from the victim's computer, hijack Hotmail or MSN Messenger accounts, or execute arbitrary commands on the victim's computer. | ||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
| CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Nov 19 2002 - 11:32:46 CST Re: (MSIE) when parent gives his son bad things ;) --"dialogArguments " again Source: CCN Type: BugTraq Mailing List, Mon Nov 18 2002 - 19:45:45 CST (MSIE) when parent gives his son bad things ;) --"dialogArguments " again Source: CCN Type: BugTraq Mailing List, 2002-11-20 8:55:17 RE: (MSIE) -"dialogArguments" (extended) Source: CCN Type: BID-6205 Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability Source: XF Type: UNKNOWN ie-iframe-dialogarguments-access(10674) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||